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Computers are a powerful and effec- 
tive tool for any criminal. At the touch 
of a button they can steal millions of 
pounds, destroy companies, and peddle 
child pornography so evil it defies de- 
scription. 

As a source of evidence they are un- 
rivalled, holding as much information in 
a tiny hard drive as a stack of filing cabi- 
nets brimming with paper. 

That is why the science and practice 
of forensic computing - the investiga- 
tion of computer crime and the prepa- 
ration of computer evidence - is becom- 
ing recognised worldwide as a vital part 
of any police or law enforcement unit. 

But we have to make sure we get it 
right at this stage, or risk losing the al- 
ready considerable momentum. 

In this month's Journal we continue 
our report on a case in which a vast 
amount of pornography was found on 
computers at a UK defence research 
centre. The investigation and subsequent 
prosecution were riddled with problems, 
many of them arising from a fundamen- 
tal lack of understanding about forensic 
computing. 

Well meaning but ill-informed staff 
made the preliminary examination of the 
systems and unwittingly contaminated 
the evidence to an alarming degree. Ac- 
curate logs and records of events and 
actions were not taken and information 
was misinterpreted leading to false con- 
clusions about who was responsible for 
the pornography. 

But this situation is not as bleak as it 
sounds. Forensic computing is a science 
and as such we can learn as much from 
our mistakes as we can from our suc- 
cesses. 

The important thing is to take on 
board what went wrong, in whatever in- 



vestigation or prosecution, so we can re- 
examine our methods and techniques and 
refine them to avoid encountering the 
same problems. 

This process, involving investigators, 
law enforcement groups, lawyers, poli- 
ticians and the judiciary, is a slow and 
complex one, and there will be many 
casualties along the way. But if this evo- 
lution results in a global acceptance of 
the basic principles and goals involved 
in computer investigation, it will have 
been worth it. 

There will be conflicts and arguments 
as the courts and expert witnesses them- 
selves debate what is and is not accept- 
able. This is fine, but we have to guard 
against the risk that the whole profes- 
sion will be dragged down to the point 
where credibility and goodwill is lost. 

Continuity, communication and co- 
operation between everyone working in 
this important sector should lay the key- 
stones for the future and ensure that the 
best possible methods are employed to 
catch the criminals. 

In the same vein, this month the 
Journal also covers the Dutch child porn 
investigation. 

What the outcome of this will be, no 
one knows. One thing looks likely 
though, and that is that the case will cause 
Shockwaves throughout Europe and the 
world as the horrific details of a child 
pornography making business emerge. 

If we learn from the lesson, it could 
result in new laws and greater interna- 
tional co-operation to stamp out this 
evil trade. 

But if we do the minimum and sweep 
the implications under the carpet it will 
let other paedophiles flourish, along 
with the suffering of countless innocent 
children. 
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News 



US military go on 
hacking offensive 

In what deputy Defence Secretary 
John Harare called a radical departure, 
the Defence Department is creating a 
new office to defend the United States 5 
infrastructure from cyber attack. 

It's radical because the scope of the 
work is outside OOB's jurisdiction, he 
said last month at the Defence Special 
Weapons Agency's Annual International 
Conference on Controlling Arms. 

"The Department of Defence only 
deals with threats outside of the borders 
ofthe United States," Hamre said. "If it's 
inside of the borders of the United 
States, it is a law enforcement problem." 

With the exception of locks and 
dams, which fall under the auspices of 
the Army Corps of Engineers, DOD has 
not had responsibility for protecting the 
nation's infrastructure, Hamre said. 

But in the digital information age, 
split-second global computer commu- 
nications makes internal and external 
threats harder to define, he added. 

"Cyberspace doesn't know geo- 
graphical boundaries," Hamre said. 
"We're looking at a future where, 
frankly, DOD doesn't have any primary 
responsibility or jurisdiction but almost 
inevitably will be pulled in very early in 
any cyber protection role." 

The new office, which DOD officials 
still must name, will be part of the Of- 
fice of the Assistant Secretary of De- 
fence for Command, Control, Commu- 
nications and Intelligence and will man- 
age Defence efforts to safeguard the 
nation's critical infrastructures. 

These include telecommunications, 
banking and finance, energy, transporta- 
tion and essential government services. 

"Because of our constitutional ori- 
entation and our history, (the DOD) is 
not going to be the lead in anything, but 
we will be the backbone of everything, 
when you get down to it," he said. 

The DOD office will work closely 
with the Justice Department's National 
Infrastructure Protection Centre and the 
multi-agency Critical Infrastructure As- 
surance Office, Hamre said. 

"We have committed ourselves and 
are supporting the National Infrastruc- 



ture Protection Centre," Hamre said. 
"We provide the deputy, and we'll pro- 
vide, I believe, three of the five heads 
of the directorates." 

The FBI's new National Infrastruc- 
ture Protection Centre, at FBI headquar- 
ters and headed by Michael Vatis, will 
gather threat and vulnerability data and 
then disseminate analyses and warnings 
of threats to both the government and 
private sector. 

"We are actively partnering with the 
Department of Justice and the FBI," 
Hamre said. "I meet on a monthly basis 
with the attorney general and with the 
director ofthe FBI as we are laying out 
our plans on the NIPC." 

The Critical Infrastructure Assur- 
ance Office, which the Commerce De- 
partment spearheads, serves as the plan- 
ning office for the Clinton administra- 
tion's Critical Infrastructure Protection 
Program and works with Richard Clarke, 
the newly appointed national co- 
ordinator for security, infrastructure pro- 
tection and counter terrorism. 

• The US Army is setting up 
SWAT teams to battle computer hack- 
ers, who have made the military a favour- 
ite target. "This is the fire brigade," said 
Lt. Gen. William Campbell, chief of the 
Army's information systems. 

The military is growing increasingly 
reliant on computers. Once reserved for 
secret tasks such as nuclear testing, 
computers are now used to keep person- 
nel records, track inventory and commu- 
nicate with contractors. Much of that 
work is done on the Internet, opening 
the door for mischief. 

"The threat is global and ranges in 
scope from a single, non-malicious in- 
trusion to a potentially organised effort 
by a foreign adversary," Col. James Gib- 
bons said. 

The Army Computer Emergency Re- 
sponse Teams, mirrored in the other 
services, are the latest layer of defence. 

Specialised troops, backed by civil- 
ian experts, monitor networks for signs 
of intrusion, take emergency calls from 
system operators and, if needed, rush to 
the site of an afflicted computer. They 
track the latest hacker techniques. 

"For every measure, there's a coun- 
termeasure. Every time that you think 



you have something fixed, you'd better 
go back and check it again," Campbell 
said. 

Special Agent Jim Christy, of the Air 
Force Office of Special Investigations, 
is on a team working to co-ordinate 
hacker defence in the military and gov- 
ernment agencies. 

He said the military was ahead while 
"state and local governments haven't 
even thought about this." 

Much work remains, he said: "We 
only catch the dumb ones. I'm not sure 
we have the capability yet, if it were a 
very sophisticated attack." 

ViRii members admit 
infiltrating computers 

Two teenage members of the ViRii 
group, which over the past year has bro- 
ken into hundreds of government and 
university computer systems, have 
pleaded guilty to juvenile delinquency. 

Last February 25, the FBI raided the 
Californian homes of the two youths, 
aged 15 and 16, and confiscated com- 
puter and related equipment as part of a 
worldwide round-up of ViRii members. 

Also detained at that time were 
Calidan Levi Coffrnan, 20, from Wash- 
ington state, Ehud Tenebaum, 18, of Tel 
Aviv, Israel, and two other Israeli teen- 
agers. Tenebaum, considered the leader 
of the ViRii group, is known by his 
"Analyzer" alias online. 

According to US Attorney Michael 
Yamaguchi, the two Californian teens, 
who have not been named, admitted to 
infiltrating a number of federal civilian 
and military computer networks, as well 
as university computer systems, and in- 
stalling wiretaps, or "sniffers," to inter- 
cept passwords. 

Although no sentencing date was ar- 
ranged by US District Judge Maxine 
Chesney, Assistant US Attorney Albert 
Glenn said the teens probably would be 
sentenced to a probationary period that 
could include limited and supervised ac- 
cess to computers and modems, and be- 
ing banned from computer jobs during 
their probation. 

"Each juvenile will only be able to 
access a remote computer system un- 
der the supervision of a school teacher, 
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a librarian, an employer, or other per- 
son approved by the probation office," 
Yamaguchi said, and would be forbidden 
from using a modem at home. 

"The government takes very seri- 
ously any attacks on the computer sys- 
tems which have become so much a part 
of the American infrastructure," 
Yamaguchi said. 

"We all rely heavily on these com- 
puters operating properly on a day-to- 
day basis, and any intrusion can lead to 
major disruption in important public and 
private services." 

The teenagers, and Coffman, still 
may also face civil suits from a number 
of Internet service providers and US uni- 
versities which are claiming hundreds of 
thousands of dollars in lost revenues and 
damage to their systems. 

Coffman, who was arrested by spe- 
cial agents from the NASA Computer 
Crimes Division, was also charged with 
possession of unauthorised computer 
passwords. That case is pending pros- 
ecution in Portland, Oregon. 

NASA Inspector General Roberta L. 
Gross said the agents' investigation re- 
vealed evidence about ViRii breaking 
into a large number of government, cor- 
porate and university Net-based sys- 
tems. Gross said the NASA investiga- 
tion into ViRii started in June 1997, 
when network security officials at the 
agency's Jet Propulsion Laboratory in 
Pasadena, California, detected a prob- 
lem with a network server there. 

The investigation established that the 
NASA server was controlled by intrud- 
ers, Gross said, and that a number of for- 
eign and US sites were used by the in- 
truders as conduit points of attack to con- 
trol the JPL server and to launch further 
attacks against ViRii targets. 

In January separate attacks against 
other government sites, including seven 
US Air Force sites and four US Navy 
sites, brought the FBI and the Air Force 
Office of Special Investigations to fo- 
cus on the Analyzer. 

The nationwide attacks, Hamre said, 
involved unclassified information, in- 
cluding personnel and payroll records, 
and were felt by all branches of the mili- 
tary. Although the ViRii group appears 
to be primarily teenagers and young 
males in their 20s, Thomas J. Talleur, di- 



rector of the NASA's Computer Crimes 
Division, said that many of today's 
"hackers are not juveniles playing 
games." 

"The serious threats are coming 
from militias and other fringe groups 
who seriously want to disrupt and de- 
stroy the government, as well as from 
international terrorists and groups try- 
ing to spy by computer," he said. 

"Computer security problems will 
get a lot worse before they get better," 
Talleur said. 

Thai police want to 
monitor Net 

Police in Thailand are asking com- 
munication authorities if they can moni- 
tor telephone numbers of Internet users. 

Police Col. Chalermkiat Srivorakan, 
an assistant to the director of the Royal 
Thai Police Department, said the depart- 
ment wants the Telephone Organisation 
of Thailand to provide caller ID features 
for all local numbers used to connect to 
the Internet network. 

The department wants to know all 
Internet users' login name and the phone 
number they use for Internet access. 

Col Srivoraken said this was "to pro- 
tect against any crimes that may occur 
on the network". 

He said: "All Internet access in Thai- 
land will be monitored by the depart- 
ment." 

"Telephone numbers that are used to 
access the Internet will be displayed at 
the department's server so we know what 
every Internet user is doing. The display, 
which is similar to the caller ID feature 
used on some mobile phones, will al- 
low police to increase their efficiency 
in crime prevention and suppression on 
the network." 

He added that the department re- 
cently submitted a proposal to TOT and 
is now waiting for approval. 

The department claims that the idea 
to display the numbers that Internet us- 
ers are using is a part of the Internet Po- 
lice project which uses the Internet as a 
new way to get criminal information 
from the public. 

People are expected to inform the 
police about sources of crimes and other 



criminal information through the net 
work anytime, anywhere. Police say tha 
as a result, they can get criminal infor 
mation rapidly, helping them to suppresi 
crimes on time. 

Col Chalermkiat said that at thii 
stage, information on stolen cars anc 
missing persons can be sent to then 
through the Internet. 

However, the department hopes tc 
have citizens informing about compute 
and Internet crime as well as Interne 
hacking in the future. 

Survey says firms risk 
Web business 

A survey conducted by a security 
firm warns that Canadian companies us 
ing the Net are open to fraud because o 
a lack of security. 

According to security and investiga 
tion organisation KPMG's 7th annua 
Canadian Fraud Survey Report, whicl 
polls the chief executives of Canada' 
top 1,000 companies on fraud and cor 
porate security, only 1 1 per cent of re 
spondents believe that the Internet is i 
secure way to send information. 

However, the study shows 43 pe 
cent stated their company uses the In 
ternet to transmit sensitive or private in 
formation, anyway. 

"The increase in electronic com 
merce provides opportunity for fraud ii 
all industries." KPMG Investigation an< 
Security Inc. President Norm Inkste 
said. 

He said that 82 per cent of respond 
ents think their systems are at risk, bu 
only half use Net security measures. 

Copies of the survey are available b] 
phone from Stephen Schneider at +' 
416-777-8465 or through KPMG' 
Web site at http://www.kpmg.ca 

Thai cell operators 
fight phone insecurity 

Mobile phone operators in Thailam 
are using technology to tackle the in 
creasing problem of fraud. 

Cellular phone companies are tryin] 
to tempt new customers with the offer 
of low charges, but this has proved to b 
a double edged sword. 
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Instead of paying the 12 baht to 18 
baht ($0.28 to $0.43) per minute for a 
call to a province like Chiang Mai and 
Phuket, people find it cheaper to pay just 
3 baht ($0.07) a minute by using mobile 
phones. 

This cheap telephone service became 
popular when "unwanted resellers" 
stopped buying mobile phones from le- 
gal channels to enjoy the discounts, and 
have instead started tapping signals from 
registered phones. 

The country's largest cellular phone 
operator, Advanced Info Service Pic has 
lost about 170 million baht ($4.04 mil- 
lion) in such illegal phone calls and so 
has decided to install a more secure sys- 
tem, worth 400 million baht ($9.50 mil- 
lion). 

"Safety is a very sensitive issue. We 
have spent a lot to make sure our cus- 
tomers are safe," president of the com- 
munication company, Somprasong 
Boonyachai said. 

The company has two security sys- 
tems on offer. Subscriber Identity Se- 
curity which is used to protect analogue 
mobile phones from being tapped and the 
Fraud Management System which moni- 
tors the system to tackle heavy usage of 
mobile phones as done for public phone 
purposes. 

AIS claims it is among the very first 
in the world to complete the SIS sys- 
tem, which it completed within two 
years, whereas Sweden, where more 
mobile phones are used, took a lot 
longer. 

"About 14,000 subscribers, or only 
two per cent of our 745,000 analogue 
phones, have not been installed with 
SIS," Somprasong said. 

Its rival, Total Access Communica- 
tion, has a serious plan to limit airtime 
for its mobile phone users. 

The operator also offers a PIN Se- 
curity system which prevents handsets 
from being used for overseas calls. 

Cellular phone operators have al- 
ready declared war on illegal phone pro- 
viders by shutting down some handsets. 

AIS ? s vice-president for operation 
support, Arpattra Sringkarrinkul, said the 
Fraud Management System had already 
caught more than 1,000 mobile phones 
used illegally. 

The fraud system specifically tracks 



outgoing calls to different destinations 
everyday, which shows if handsets are 
being used for commercial purposes. 

"AIS cancels phones, making the 
owners contact us," Arpattra said. 

Cyber chat turns to 
physical bat 

A US man was attacked and beaten 
unconscious after he had been using an 
online chatting room. 

The 22-year-old man from South 
Brunswick, New Jersey, was a frequent 
visitor to a Filipino chat room on 
America Online. 

Seven men from New York allegedly 
discovered who he was and where he 
lived through another participant in the 
chat room. 

"There was no history between (the 
victim and the assailants)," Det. James 
Kinard of the South Brunswick Police 
Department said. "They didn't know each 
other." 

Kinard said the victim and his assail- 
ants first met anonymously over a year 
ago while visiting the chat room on 
America Online. 

"Apparently, somebody said some- 
thing," cyber-words were exchanged, 
and the online argument continued for 
more than a year, Kinard said. 

A female university student, also of 
Filipino descent, knew the victim 
through his girl friend, and also met the 
group from New York through the same 
chat line without knowing of the online 
arguments, Kinard said. 

The student unintentionally intro- 
duced the victim and his assailants and 
in a later fight, which went out to the 
street, the seven assailants knocked the 
victim unconscious, Kinard said, and 
later confessed to continuing to beat and 
kick him after he fell to the ground. 

Six men in their late teens and early 
twenties were arrested and charged with 
aggravated assault and possession of a 
weapon, and a 15 year old was charged 
as a juvenile. 

The victim was hospitalised and re- 
leased, Kinard said, but still suffers from 
blackouts. 

"The meeting between the victim and 
the assailants was completely coinciden- 



tal," Kinard said. "But this is the first 
time we know of people who meet 
online actively seek out their victim 
once they find out who he is." 

QuickNet access 
clouds crime 

The Communications Authority of 
Thailand wants to control the way local 
Internet service providers sell their 
packages in a bid to cut crime. 

Since people buying instant Internet 
packages to access the Internet currently 
do not need to provide personal details, 
CAT thinks that some can abuse the prod- 
ucts and commit crime online. 

At present customers can buy 20 
hours of Internet access off the shelf and 
can use the service straight after it is in- 
stalled on their computer. 

People can create their own user ID 
and password and register online with- 
out using a real name, and they get in- 
stant authorisation to participate in the 
network. 

CAT says that this means there is a 
loophole allowing some people to abuse 
the Net and the authority wants online 
firms to incorporate more security into 
their products. 

A spokesman for CAT said that the 
organisation was now considering meet- 
ing local ISPs who sell instant packages 
to ask for a copy of the customer's iden- 
tification card before they buy the prod- 
uct. This would allow ISPs to trace the 
culprits of any offences. 

Vivatvong Vichit-Vadakan, the presi- 
dent of Loxley Information, a local ISP, 
said making Internet package purchas- 
ing more secure could stifle the use of 
the Net in Thailand. 

He said: "I think that in the first stage 
we should encourage Thai people to use 
the Internet by helping them to get quick 
access rather than putting obstacles in 
their way." 

He added that even though ISPs sold 
instant Internet packages to customers 
without requiring any user information 
at the initial stage, when they wanted to 
renew their subscription they had to send 
legal documents such as a copy of their 
ID card to the ISP. 
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Phone hackers put 
firms on alert 

Many companies are unaware that 
they're vulnerable to voice-mail hack- 
ers who may steal confidential informa- 
tion or clog the system. 

The issue is capturing employers 5 at- 
tention in the wake of claims that a re- 
porter from the Cincinnati Enquirer in 
the US stole internal voice mail from 
Chiquita Brands International. 

The newspaper agreed to pay Chiquita 
more than $10 million and publish 
apologies. 

Hackers may find a password, break 
in and listen to messages. They may get 
into an internal phone system and place 
personal calls. 

ICEE-USA, a manufacturing firm in 
Ontario, California, was hit by youths in 
1996. 

The pranksters, who eventually were 
arrested, entered through an 800 
number, made thousands of unauthor- 
ised calls and clogged the voice-mail 
system with messages. 

"Those who assume it can never hap- 
pen to them generally end up having the 
problem," said Alan Brill at Kroll As- 
sociates, a New York-based business in- 
telligence firm. 

Hackers can learn a company's liti- 
gation strategies, information on merg- 
ers and tips that could be used for in- 
side stock trading. 

Less than 10 per cent of 407 firms 
polled had policies for communicating 
confidential information via telephone, 
based on a 1998 survey by the Ameri- 
can Management Association. 

Security experts say avoiding break- 
ins can be as simple as using long pass- 
words and changing access codes regu- 
larly. 

For extreme cases, there are voice- 
recognition systems, which verify 
voices in addition to passwords, says 
Bob Bhavnani, president of 2Va Software 
of Ridgefield, Connecticut. 

In the Cincinnati Enquirer case, a re- 
porter allegedly used illegally retrieved 
voice mail in a story about Chiquita's 
Central America business practices. The 
reporter was fired and faces a civil law- 
suit by Chiquita. 



Hackers attack Air 
Force computers 

A computer system at Elgin Air 
Force Base in Florida in the US was il- 
legally breached but the break-in was 
detected before any damage occurred. 

According to the US Air Force Of- 
fice of Special Investigations, the break- 
in was detected after the intruder was 
able to enter a Silicon Graphics 
workstation. 

But Dave Sears, a computer scien- 
tist with the USAF 96th Communications 
Group, said automatic security pro- 
grams detected the break-in and blocked 
further access to supercomputers and 
other systems at the base. 

Other computer systems, including 
those belonging to the German Free 
Democratic Party and Internet service 
provider ProHost were not as lucky. 

According to John Vranesevich, 
founder of Website AntiOnline, 
ProHost was broken into "by an unor- 
ganised group of hackers" to change the 
domain http : //www. m i 1 wOrm .com, the 
group that recently gained access to an 
Indian nuclear research facility. 

"After we changed the milwOrm 
page, all sorts of people started attack- 
ing ProHosting" the attacked told 
Vranesevich. 

Vranesevich estimated that at the 
height of the attack, nearly a dozen dif- 
ferent hackers had "root," or highest 
level access to the server, and one indi- 
vidual deleted the entire contents of the 
server, putting nearly 1,000 separate do- 
mains out of commission. 

"We tried to stop him," the hacker 
told Vranesevich. "But he managed to 
delete everything anyway." 

"That guy just crossed the line; what 
he did isn't cool," said another of the 
hackers. 

Vranesevich said the 16-year-old 
"mystery hacker" that deleted the ac- 
counts is known as "DeathCraze," one 
of the newest members of the MilwOrm 
group. 

Germany's Free Democratic Party, 
part of German Chancellor Helmut 
Kohl's coalition, also was attacked over 
the weekend, causing "considerable 
damage." 



"While technically extremely profi- 
cient, the hacker made rather unimagi- 
native, clumsy and humourless 
changes," the FDP said. The damage 
done was considerable." 

AntiOnline's Web site is at http:// 
www. antionline . com 

Mobile phone firms 
warn about snoopers 

The Cellular Telecommunications 
Industry Association in the US fears the 
FBI will try to increase its eavesdrop- 
ping powers in a new law. 

According to the CTIA, the FBI has 
presented to several key senators a pro- 
posal to attach to the Appropriation 
Measure for Commerce, State and Jus- 
tice language that would extend the FBI's 
rights under the existing Communica- 
tions Assistance for Law Enforcement 
Act. 

What the FBI is seeking includes a 
requirement that wireless carriers pro- 
vide information about the location of 
mobile telephones, simply on the 
strength of a law enforcement agent's 
claim that the information could be rel- 
evant to the investigation of a felony, 
CTIA spokesman Tim Ayers said. 

The FBI also wants to prevent carri- 
ers and equipment manufacturers from 
petitioning the Federal Communications 
Commission to rule on whether any FBI 
demand is reasonable, the CTIA said. 

Under the CALEA, the FCC can be 
asked whether a demand made under the 
act is too costly, would have a negative 
impact on competition, or would nega- 
tively affect subscriber rates. 

The CTIA claimed that eliminating 
this recourse would in effect mean the 
FBI could demand "compliance at any 
cost." 

Ayers said the FBI is also seeking the 
right to listen in on conversations even 
when neither party involved is the sub- 
ject of a court order, and to capture cer- 
tain digital information from calls, such 
as credit-card numbers entered using the 
telephone keypad. 

According to the CTIA, when the 
CALEA was passed Congress made 
clear that its purpose was to extend the 
FBI's existing surveillance powers to 
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new communications technology, not to 
extend those powers, and FBI officials 
testified that they understood this. 

Since then the FBI has stopped in- 
dustry implementation of GALEA pro- 
visions, claiming the authority to require 
more intrusive surveillance. 

The current attempt to have its pow- 
ers extended by new legislation shows 
that the FBI did not in fact have that au- 
thority all along, Ayers said. 

Misusing data 

The UK's Data Protection Registrar 
has successfully prosecuted a son, his 
father and his father's company, for mis- 
use of personal data. 

According to the DPR's office, the 
investigation was undertaken with help 
from the National Westminster Bank. 
After being found guilty, fines totalling 
£8,000 and costs of £1,214.89 were im- 
posed by Horseferry Magistrates Court 
in London. 

The Registrar was contacted by the 
National Westminster Bank after the 
bank became concerned about the 
searches which one of its employees was 
making on the bank's databases. 

But the employee, Noel Larbey, was 
providing information to his father, 
Michael Larbey, a private investigator. 
Larbey senior was providing the infor- 
mation in response to a request from a 
solicitor. 

Noel Larbey, the son, was convicted 
on two charges of unlawful disclosure 
of personal data from the bank's 
databases and was fined £500 on each 
count. 

His father's company, Kingscliffe 
Limited, meanwhile, was convicted on 
one charge of non-registration, two 
charges of unlawful procuring of per- 
sonal data and two charges of unlawful 
sale of the data. The company was fined 
£1,000 on each charge. 

Michael Larbey, the father, as the 
owner of Kingscliffe, was convicted on 
four charges of consenting to or con- 
niving with the commission of offences 
by the company and was fined £500 on 
each charge. 

Elizabeth France, the Data Protec- 
tion Registrar, said: "It's encouraging 
that institutions like the NatWest are 



prepared to come forward and assist us 
in detecting and investigating such ex- 
amples of unlawful procuring and dis- 
closure of personal data. 

"The level of fines imposed by the 
court clearly shows how seriously these 
offences are viewed." 

The DPR's Web site is at http:// 
www.open.gov.uk/dpr/dprhome/htm 

FTC coalition wants 
to cut spam 

Online consumers should be able to 
identify all unsolicited e-mail, accord- 
ing to a US Federal Trade Commission 
report. 

The report, developed by a coalition 
of companies and organisations recom- 
mended that senders of junk e-mail, or 
"spam," should not be allowed to use 
false, or disguised return addresses 
which stop the recipient from respond- 
ing directly. 

Most junk e-mailers hide their true 
online identity to avoid being 
"spammed" themselves by thousands of 
complaints from those receiving the un- 
wanted and unsolicited e-mail, generally 
asking the recipient to respond to a Web 
site. 

"If every business that was sending 
out unsolicited commercial e-mail had 
to hear back from all the 300,000 peo- 
ple they angered, and they had to bear 
the cost of that, folks would realise it's 
not the most effective means of getting 
your message out," Deirdre Mulligan of 
the Centre for Democracy and Technol- 
ogy, said. 

"The FTC's report is an excellent 
policy analysis of a problem that most 
people on the Internet already know far 
more about than they would like," 
Junkbusters President Jason Catlett 
said. 

Catlett, noting the report's major rec- 
ommendation is to target enforcement 
action on spammers who use fake return 
addresses and forge headers misrepre- 
senting the e-mail's origin, said that 
"once spammers can't hide, they'll have 
to run from the millions of people they 
annoy every day. 

"The Internet's best hope of contain- 
ing spam right now is a combination of 



social pressure, vigilance by ISPs and 
government action under existing laws," 
he said. 

Junkbusters runs a service called 
Junkbusters Declare at http:// 
ww w. j unkbusters .com which gives con- 
sumers a free option to tell direct mar- 
keters what they want, and don't want to 
receive, Catlett said. 

The company's software, the Inter- 
net Junkbuster Proxy, also blocks un- 
wanted "cookies" and banner ads, he 
said. 

While the report recommends fur- 
ther restrictions on unsolicited e- 
mailers, the report, citing First Amend- 
ment concerns by the ACLU, the Direct 
Marketing Association and other groups, 
declined to press for an outright ban on 
junk e-mail. 

Along with the report, Jodie 
Bernstein, director of the FTC's Bureau 
of Consumer Protection, released the 
bureau's "dirty dozen" list of spam 
scams, designed to assist consumers in 
avoiding such consumer rip-offs. 

The list, Bernstein said, came from 
a special e-mail box at uce@ftc.gov the 
FTC set up for consumers to send spam 
they received in their own mailboxes. 

"We invited consumers to forward 
their unwanted UCE (unsolicited com- 
mercial e-mail)," Bernstein said, "and 
consumers had forwarded well over 
250,000 pieces of spam, and they con- 
tinue to do so at a rate of between 1,000 
and 1,500 spams per day." 

Bernstein said the Commission put 
that e-mail into a searchable database "so 
that we could study the spam and iden- 
tify possible targets for law enforce- 
ment actions." To date, the Commission 
has brought five such actions, she said. 

Senate approves Net 
control laws 

Amid controversy, the US Congress 
has tacked a number of amendments on 
to two bills in an attempt to limit access 
to undesirable material. 

Two of the amendments require 
schools and libraries to install Internet 
access filtering software, the other re- 
visits the Communications Decency Act. 

The amendments were tacked on to 
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appropriations bills for the Departments 
of Commerce, Justice and State in the 
Senate, and appropriations bills for the 
Departments of Education, Health and 
Human Services and Labor in the US 
House of Representatives. 

S. 1619, the Internet School Filter- 
ing Act of 1998, would require schools 
and libraries to block "explicit" mate- 
rial on the Internet, or lose billions in 
federal funding. 

Under the act, libraries would only 
have to certify they are using a filtering 
or blocking system, such as 
CyberPatrol, CYBERsitter, NetNanny 
or SurfWatch, for one or more of their 
computers so that at least one compu- 
ter "will be suitable for minors' use." 

But allowing different communities 
to set their own standards, and requiring 
only one computer in a library to have 
filtering capabilities, appear to be a way 
around constitutional issues of banning 
free speech, critics of the amendment 
said. 

"This is nothing less than Big Brother 
in the classroom," American Civil Lib- 
erties Union (ACLU) national staff at- 
torney Ann Beeson said. 

"We believe that educators, not Con- 
gress, should be the ones making deci- 
sions about what students can learn on 
the Internet." 

She added: "You can no more create 
a computer program to block out one 
community's views of "indecency' than 
you can devise a filtering program to 
block out unconstitutional proposals by 
members of Congress." 

The second amendment added to the 
appropriations bill, is still being debated 
in Congress, would amend section 223 
of the Communications Act of 1934 "to 
establish a prohibition on commercial 
distribution on the World Wide Web of 
material that is harmful to minors, and 
for other purposes." 

The amendment, S. 1482, introduced 
by Sen. Dan Coats (R-Ind.), is an attempt 
to "find a constitutional way to. ..help 
families protect young minds, hearts and 
eyes from the rawest, most degrading 
forms of pornography," Coats said. 

Coats was an original sponsor of the 
Communications Decency Act, struck 
down by the US Supreme Court last June 
26 as unconstitutional. 



Unlike the CD A, however, Coats' bill 
would apply only to Web sites, and not 
to chat rooms, e-mail or newsgroups. 

Coats' bill states that "whoever in in- 
terstate or foreign commerce in or 
through the World Wide Web is en- 
gaged in the business of the commer- 
cial distribution of material that is harm- 
ful to minors shall restrict access to such 
material by persons under 17 years of 
age." 

Violations of the proposed language 
would be subject to fines up to $50,000 
and up to six months in jail. 

The bill also requires Web sites to 
use a verified credit card, debit account, 
adult access code, or adult personal 
identification number to determine if a 
person accessing the site is over 17. 

But the ACLU also is fighting Coats' 
amendment. 

"By claiming that the bill address 
only Web sites involved in commercial 
distribution, Sen. Coats says he is 'hunt- 
ing with a rifle,' but in fact has lobbed 
another virtual grenade attack into the 
heart of the Internet," Beeson said. 

The amendments still have a long 
way to travel before becoming law, how- 
ever, since both the House and Senate 
must reconcile the appropriations bills 
before sending them to the White 
House. 

Fight over names of 
scrap critics 

A large Canadian scrap metal com- 
pany, has won a court battle allowing it 
access to the names and addresses of 
people who criticised it online. 

An Ontario court judge ordered In- 
ternet service providers America 
Online, iStar and Weslink Datalink to 
give Philips Services Co the names, ad- 
dresses, e-mail addresses and phone 
numbers of people who posted mes- 
sages about the company on a Yahoo 
board from April through June of 1998. 

Several of the messages apparently 
allege that Philip executives committed 
criminal activities. 

Other missives reportedly express 
concern about the safety of a person 
who reveals the firm's activities. 

Philip's stock price has come under 



pressure after the disclosure that it ap- 
parently hid unauthorised trading losses 
in its copper division. 

Philips says it will sue a copper 
trader or traders who are blamed for the 
losses and the company faces several 
lawsuits in the wake of the revelations. 

The judge's decision could mean the 
end of privacy and secrecy on the Inter- 
net for Canadian citizens because peo- 
ple who used anonymity in posting their 
opinions can now be held liable. 

Police guide to find 
computer porn 

Detectives in the UK investigating 
the trade in hard-core pornography on 
the Internet have been issued with a new 
guide to help them trace paedophiles 
across the Web. 

"The Internet Detective", published 
by the Home Office, was written by 
West Midlands Detective Inspector 
David Davis to help officers. DI Davis 
saw the need for the guide while head of 
the force's Paedophile Investigation 
Unit. 

Officers discovered child porn was 
being downloaded from the Internet, but 
at the time few in the British police 
knew how to deal with it. 

During investigations it became 
clear paedophiles were exploiting what 
was then new technology. 

"They could talk about things, swap 
things, almost with impunity in the early 
days," said DI Davis. 

The guide shows the techniques used 
by paedophiles to hide their identity on 
the web and stop police identifying them, 
although DI Davis admits that if 
encryption programs are used correctly, 
they are uncrackabie. 

As well as pornography trafficking, 
the Internet is being used by organised 
crime to communicate using email 

"They know normal phones can be 
tapped, they know mobile analogue 
phones can be tapped, and there's a lot 
of talk about digital mobile phones be- 
ing tapped, so they're moving to using 
this." 

Anonymous emails have also been 
used by staff to threaten their bosses. 
New investigative techniques are vi- 
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tal to crack Internet crime, but some- 
times old-fashioned police work can pay 
dividends, said DI Davis. Recently his 
team raided the office of a man sus- 
pected of child abuse to check his com- 
puter for pornography. 

They found the PC on his desktop 
was clean - but an officer noticed a 
strange dust pattern on another desk. 
Questioning a secretary, he found an- 
other computer had been moved to an- 
other office the day before the raid. "On 
the second one, we found the pornogra- 
phy," DI Davis said. 

Hackers create havoc 
in South Africa 

Cyber criminals could cost South 
African companies millions as the prob- 
lem reaches crisis levels, according to 
security experts. 

Ian Melamed, a Johannesburg com- 
puter crime expert working with Inter- 
pol to control the problem in Africa, said 
break-ins on the continent's computer 
systems had reached crisis levels and 
were getting worse. 

Most developing countries, like 
South Africa, have inadequate legislation 
in this field, making it difficult to pros- 
ecute computer crime. 

Mr Melamed is working with the SA 
Law Commission to draft new laws 
which will outlaw hacking (defined as 
illegally breaking into private computer 
networks) and cracking (stealing money 
or tampering with and damaging digital 
information). 

In the first case of its kind in South 
Africa, a computer hacker is to be tried 
in the Pretoria High Court for snooping 
in private files in an off-limits area of 
one of the country's big Internet serv- 
ice provider networks. 

The hacker scaled the "firewall 55 used 
to protect private areas of the compa- 
ny's network, but left "footprints 55 . Com- 
puter fraud experts were able to trace 
the location of the computer where the 
crime was committed. A court date is 
yet to be set. 

Mr Melamed, who is consulted by 
police regularly to help in computer in- 
vestigations, said the absence of anti- 
hacking laws meant the case would be 



tough to prosecute. 

Companies where security had been 
breached were reluctant to go public be- 
cause they immediately became targets 
of hackers and crackers who, knowing 
someone else had found a way in, also 
tried to break through their security. 

Africa was especially vulnerable now 
because Internet technology was avail- 
able, but companies were ignorant about 
protecting themselves and client infor- 
mation. 

The worst local culprits were often 
juvenile "cyber boffins 55 , some as young 
as 11, who were fast mastering ways to 
dodge computer police patrolling net- 
works for rogue visitors. 

"Ask a computer-literate child for a 
tour of the Internet and you will be stag- 
gered by what he knows. 

"I can only say I hope their knowl- 
edge is used for the benefit of the 
economy one day, because it's formida- 
ble," said Mr Melamed. 

Police spokesman John Sterrenberg 
said the school holidays could soon be- 
come a nightmare time for computer po- 
lice as bored youngsters logged on to 
the Internet and hacked their way into 
no-go areas. 

"There might be no law against hack- 
ing or cracking, but stealing is still steal- 
ing, 55 he warned. 

In the Western Cape police have in- 
vestigated 40 cases of computer fraud 
involving 2 million rand over the past two 
years. 

Hackers, often working from over- 
seas, will usually go through second 
computer networks to cover their tracks. 
This means police are often sent on the 
wrong trail - and the wrong continent. 

FTC wants laws to 
protect privacy 

The Federal Trade Commission plans 
to recommend that the online industry 
be regulated by the government unless 
it protects consumers 5 Internet privacy 
by January next year. 

FTC Chairman Robert Pitofsky wants 
legislators to give Internet firms one last 
chance to regulate themselves, but if this 
fails he will urge lawmakers to pass a 
privacy in cyberspace bill. 



Any such law should give an agency 
like the FTC the authority to establish 
minimum privacy standards for differ- 
ent industries, Pitofsky said. 

Web sites should reveal what infor- 
mation they collect, allow consumers to 
control dissemination of data and offer 
consumers a way to check and correct 
data for inaccuracies. 

"Unless industry can demonstrate 
that it has developed and implemented 
broad-based and effective self-regula- 
tory programs by the end of this year, 
additional government authority in this 
area would be appropriate and neces- 
sary, 55 Pitofsky told lawmakers at a 
House Commerce Committee subcom- 
mittee hearing. 

The FTC recently called for a law to 
limit the collection of information about 
children surfing the Internet after a sur- 
vey of 1,400 sites on the World Wide 
Web found rampant abuses. 

At the time, the FTC stopped short 
of calling for legislation to protect the 
privacy of adult Internet users, but in his 
testimony Pitofsky will outline a law that 
would include a requirement that mer- 
chandisers inform consumers about the 
use of their personal data. 

A group of leading companies doing 
business on the Internet asked lawmak- 
ers for more time, however. The Online 
Privacy Alliance, a group of Net com- 
panies including Microsoft, AT&T and 
America Online, suggested a scheme 
based on third-party validation of privacy 
practices. 

Under the plan, an outside group 
would allow Web sites that met certain 
privacy protection policies to carry a 
seal or label alerting consumers. 

Senate passes Internet 
gambling ban 

The US Senate overwhelmingly voted 
to ban most forms of gambling on the 
Internet, even though questions remain 
about enforcement. 

The full Senate voted 90-10 on an 
amendment by Sen. Jon Kyi (R-Ariz.) to 
extend the current federal ban on inter- 
state gambling on sports by phone or 
wire to almost all other forms of gam- 
bling, including Net-based "interactive 
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casinos." 

Kyi's bill broadens the current 
phone/wire ban to cover new and 
upcoming technologies like microwave 
transmission and fibre optics. 

The bill is also the first to prosecute 
people placing bets with such opera- 
tions. 

Under the provision, individual gam- 
blers could face prison sentences of 3 
months and fines of $500. 

Those running businesses that run the 
gambling sites could be imprisoned for 
4 years and fined $20,000 or three times 
the amount of bets accepted. 

But the Senate rejected an amend- 
ment by Sen. Larry Craig (R-Idaho) that 
would have excepted the ban from In- 
dian tribes. The vote on that piece of leg- 
islation was 82-18. 

Even though the bill promises to 
prosecute Net-based casino operators, 
those opposed to the legislation say it 
cannot be enforced since almost all of 
the Web gambling sites are located out- 
side of the US. 

An essentially similar bill regarding 
Net-based gambling is awaiting a vote 
in the House of Representatives. 

Kyi said: "More than a billion dol- 
lars will be gambled over the Internet 
this year. Internet gambling is unregu- 
lated, accessible by minors, addictive, 
subject to abuse for fraudulent purposes 
like money laundering, evasive of state 
gambling laws - and already illegal at the 
federal level in many cases." 

The Senate amendment would re- 
quire Internet service providers to "pull 
the plug" on those sites, Kyi said, say- 
ing a ban would "likely be enforced by 
law enforcement identifying a Web site 
that provides illegal gambling and seek- 
ing a court order enjoining the activity." 

During two days of debate on the Sen- 
ate floor, the gambling amendment's sup- 
porters contended a ban is needed since 
there is no way to regulate virtual casi- 
nos. 

Unscrupulous operators are free to 
rig their games to cheat customers or 
accept bets from children who get their 
hands on parents' credit cards, they said. 

But Internet gambling spokeswoman 
Sue Schneider, chairwoman of the 55- 
member Interactive Gaming Counci, 
said: "All prohibition does is build up a 



criminal infrastructure." 

Net user charged with 
subversion in China 

China has arrested and charged a 
software engineer with subversion after 
supplying e-mail addresses to an Ameri- 
can-based pro-reform magazine, said a 
human rights group. 

Lin Hai, a 30-year old manager of a 
Shanghai based software company, was 
arrested in April after providing a list of 
30,000 Chinese e-mail addresses to a 
US-based pro-democracy magazine and 
Web site called Big Reference. 

A spokesman for the Hong Kong 
based Information Centre of Human 
Rights and Democratic Movement in 
China said he is expected to stand trial 
in Shanghai in the near future. 

If convicted, he faces a penalty rang- 
ing from 10 years in prison to the death 
sentence. 

The spokesman said a 150-member 
strong police squad in the Chinese city 
are monitoring Internet usage and block- 
ing access of some users while confis- 
cating the computers of others. 

Internet use in China is rising fast. 
According to recent reports in the Chi- 
nese media, the nation had 1.175 mil- 
lion Internet users at the end of June. 

The figures, from the China National 
Network Information Centre (CNNIC), 
represent a rise of 115,000 during June 
and a large rise on the 670,000 users at 
the beginning of the year. 

NASA's tackles crime 
using Beowulf 

Analysing computer crime evidence 
and tracking cyber criminals has gone 
from taking weeks to mere minutes, now 
that the NASA Computer Crimes Divi- 
sion has employed Beowulf 

NASA's Beowulf is a low-cost, high- 
performance computing cluster that 
helps identify computer criminals. 

Previously used by such organisa- 
tions as NASA and the Department of 
Energy for high performance scientific 
modelling and simulation, the Beowulf 
technology, coupled with additional 
software tools developed by the CCD, 



now could benefit law enforcement, net- 
work security and other areas that need 
a low-cost, high-performance comput- 
ing system for non-scientific applica- 
tions. 

"This is the first time Beowulf is be- 
ing used for law enforcement," Thomas 
Talleur, advanced technology programs 
executive for NASA's CCD, said. 

According to Talleur, Beowulf is a 
low-cost alternative to supercomputers. 
"What NASA did was to parallelize the 
Linux operating system, making it so it 
would run as a parallel operating sys- 
tem." 

"We built a modest cluster that fea- 
tures a sustained throughput rate of 2.4 
Gb per second for under $60,000," 
Talleur said, adding that the project "is 
another great example of NASA's bet- 
ter, faster, cheaper philosophy at work." 

Talleur noted that the BeowulfLinux 
operating system "is great for organisa- 
tions that have intensive computational 
demands and small operating budgets." 

Because Linux source code is avail- 
able free, Talleur said "now we have the 
control and computational power that we 
need without being dependent upon spe- 
cific vendors." 

As an example of Beowulf's power, 
Talleur said that while the recent inves- 
tigation into break-ins into NASA and 
other government computer systems by 
the ViRii group took seven weeks for 
evidence to be analysed, Beowulf could 
perform that same task in less than an 
hour. 

"We have gone from weeks to min- 
utes in our ability to analyse and proc- 
ess computer crime evidence," he said. 

NASA originally pioneered the 
Beowulf concept at its Centre of Excel- 
lence in Space Data and Information Sci- 
ences in 1994, by adapting the free 
Unix-like operating system, called 
Linux, to work in a massively parallel 
and distributed computing environment 
using commodity off-the-shelf hard- 
ware. 

The Beowulf distribution used by the 
CCD is called Extreme Linux, and is dis- 
tributed by Red Hat Software for $29. 

Additional information on the 
Beowulf project is available at http:// 
beoserv.hg.nasa. gov 
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roduct news 



Voice security 

A new system could cut fraud by 
processing customer requests by using 
voice verification. 

US firm Periphonics has joined up 
with T-Netix to enhance its automated 
transaction processing services by us- 
ing T-Netix's SpeakEZ Voice Print tech- 
nology. 

According to the company, the 
SpeakEZ Voice Print technology sig- 
nificantly reduces an institution's risk of 
fraud by requiring callers to pre-record 
a spoken password, as well as identify 
themselves by speaking the same pass- 
word each time they wish to access se- 
cure information and services. 

The plan is now for Periphonics to 
work with T-Netix to port SpeakEZ 
voice print technology to OSCAR (Open 
Signal Computing and Analysis Re- 
source), Periphonics' advanced platform 
designed specifically for leading-edge 
speech processing algorithms. 

The IVR applications, the company 
says, will prompt the caller to "voice 
verify" their identity. The spoken reply 
is then packaged and sent to an OSCAR 
running SpeakEZ, where it is compared 
against the caller's previously enrolled 
voice print stored on the Periphonics 
system. 

The verification engine will then send 
a message back to the IVR application, 
indicating whether access should be ap- 
proved or denied. 

"As the frequency and value of tel- 
ephone-based commercial transactions 
increase, call centre operators are more 
concerned than ever with fraud secu- 
rity," said Ron Beyner, T-Netix's vice 
president of commercial services 

"Touch-tone based passwords and 
PINs can be copied or hacked. With 
SpeakEZ voice print technology, an ac- 
count will be protected from unauthor- 
ised access, even if the 'fraudster 9 
knows the account holder's voice print 
password," he said. 

Cellular fraud control 

Mobile phone firm BellSouth Cel- 
lular Corp is installing a profiling sys- 
tem to help spot fraud. 

The company, a division of 



BellSouth, will use Corsair Communi- 
cations Inc's FraudWatch Pro product. 

The system profiles individual cel- 
lular subscribers by noting their patterns 
of telephone usage and spotting devia- 
tions from normal calling patterns. 

Corsair spokeswoman Corey 
Caldwell said carriers could spot signs 
of cellphone "cloning" and subscriber 
frauds that involve using the identity of 
a legitimate subscriber to create a sepa- 
rate account. 

Caldwell said BellSouth Cellular is 
among the first major carriers to install 
FraudWatch Pro, although several car- 
riers - mostly international ones - are 
currently deploying it. 

BellSouth Cellular is at http:// 
www.bscc.com and Corsair Communi- 
cations is at http://www.corsair.com 

Next generation credit 
card security scheme 

MasterCard International has an- 
nounced it is working with HNC Soft- 
ware on a next generation anti-fraud sys- 
tem. 

The aim of the project is to allow 
MasterCard-issuing financial institu- 
tions to better detect fraudulent debit 
and credit card transactions. 

Most fraud detection systems cur- 
rently deployed on the networks of fi- 
nancial institutions rely on a neural net- 
work or fuzzy logic approach to fraud, 
allowing the software to adapt to rapidly 
changing spending pattern changes, but 
applying a rules based approach to cap- 
ture suspicious transactions. 

MasterCard's new fraud detection 
service is based on HNC Software's ad- 
vanced neural network modelling tech- 
nology. 

According to company officials, by 
leveraging the MasterCard BankNet glo- 
bal transaction processing network, the 
system combines cardholder, merchant, 
and geographical data to give 
MasterCard members a fraud prediction 
model that is unique in the industry. 

The first module of the new risk 
predictive service will be available in the 
fourth quarter of this year and will be 
exclusive to MasterCard and its mem- 
ber institutions. 



According to HNC, the product can 
be integrated with an issuer's existing 
system or used as a standalone fraud de- 
tection service. 

According to HNC, the new anti- 
fraud system being developed for 
MasterCard is a new application of 
HNC's proprietary profiling technology, 
allowing the fraud predictive system to 
constantly update information with each 
new transaction, building a detailed pro- 
file of each merchant and cardholder. 

This exclusive use of dynamic mer- 
chant profiles to supplement the trans- 
action-based account profiles, the com- 
pany says, provides a boost to the pre- 
dictive precision of the model. 

By using a variety of models of be- 
haviour for each global region, the sys- 
tem will ultimately allow members to 
examine similar patterns in a given set 
of countries. 

Currently, 12 MasterCard members 
are participating in the association's pi- 
lot program for the credit card fraud de- 
tection module. Firstar Bank, based in 
Wisconsin, has used the system to catch 
previously undetected fraudulent activ- 
ity that could have resulted in an aver- 
age loss of $5,100 per account identi- 
fied. 

MasterCard's Web site is at http:// 
www.mastercard.com 

Software to cut 
harrassment 

To help protect companies against a 
rising wave of e-mail-related harass- 
ment lawsuits, a program has been 
launched to automatically remove offen- 
sive words. 

Content Technologies has an- 
nounced an "anti-harassment and pro- 
fanity" module for configuring its 
Mimesweeper filtering software to 
screen out messages containing certain 
words. 

Victor Woodward, spokesman for 
the firm, said that many types of online 
activities could easily meet the defini- 
tion of "harassing conduct," stipulated 
by the Equal Employment Opportunity 
Commission in the US. In one recent 
sexual harassment case, the courts 
awarded $2.2 million to four female 
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employees of Chevron Corp., who al- 
leged that they had received sexually 
offensive e-mail, according to Wood- 
ward. 

E-mail is also being used as evidence 
in a number of cases now pending in 
the US court system, including suits 
against Microsoft, Nationwide Mutual 
Insurance, King County in the state of 
Washington, and the Minneapolis (Min- 
nesota) Community Development 
Agency, Woodward observed. 

Content Technologies' 
Mimesweeper site is located at http:// 
www.mimesweeper.com on the Web. 

Online research tools 

Online information provider Lexis- 
Nexis has announced improvements to 
its services to streamline the process of 
retrieving case law. 

The new features automatically pro- 
vide an at-a-glance overview of the ma- 
jor legal terms appearing within a par- 
ticular case or agency opinion and en- 
able a researcher to highlight important 
passages and automatically launch a 
search to find related materials. 

"These new features provide attor- 
neys with a superior alternative for scan- 
ning and filtering legal materials quickly 
to find applicable cases and agency de- 
cisions vital to their legal research," said 
Paul Brown, chief operating officer of 
Lexis. Researchers can also retrieve the 
full text of legislation referenced in a 
newspaper or legal publication article as 
the result of an enhanced linking feature 
also recently launched by Lexis-Nexis. 

The new features are available on the 
Web-based legal research service at 
www.lexisxom. 

Strong encryption 

Jaws Technologies says it is launch- 
ing the world's strongest security 
encryption software to address the in- 
creasing frequency of unauthorised ac- 
cess to digital information. 

Jaws L5 Data Encryption is the in- 
dustry's first encryption software prod- 
uct with 4096-bit key encryption 
strength. Claimed to be the most ad- 
vanced encryption software currently on 
the market, the firm says it is statisti- 
cally unbreakable. 

The program encrypts files as a 
means to control access to confidential 
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information stored on desktop PCs, 
handheld devices and networks and to 
ensure security of Internet transactions 
and remote file access. 

The application employs recursive 
mathematics to make backward analysis 
impossible, and takes advantage of a 
complex algorithm utilising a random 
number generator to create a unique 
encryption "key," meaning no two 
encryption codes are the same. 

Jaws L5 is available for $49.95 on- 
line and directly from the company. For 
more information, visit the company's 
Web site at www.jawstech.com 

Risky Net business 

A study into the habits of UK com- 
panies has revealed that many have still 
to come to terms with IT security. 

The report was jointly commis- 
sioned by Integralis, City law firm 
Theodore Goddard, and corporate in- 
surer Nelson Hurst, and was conducted 
by QA Research. The study says that an 
increasing number of companies are 
using e-mail or the Internet, but in many 
cases there is little done to combat the 
potential security threats through net- 
work security, necessary insurance and 
legal measures. 

"This research has uncovered a mas- 
sive gap that needs to be bridged by cor- 
porate Britain, between the current use 
of e-mail and the Internet by organisa- 
tions, and what is actually required to 
ensure they are doing business via elec- 
tronic methods in a secure manner," said 
Steve Webb, Integralis Network Sys- 
tems' European marketing director. 

"This research demonstrates that 
British companies are not generally 
aware of the extent to which employee 
access to e-mail and the Internet can ex- 
pose them to legal liability," said David 
Engel of Theodore Goddard. 

According to Engel, even where 
there is some awareness of the problem, 
companies do not appear to be doing a 
great deal to manage that risk. 

"Only last year, we acted for private 
medical health insurer Western Provi- 
dent Association which successfully 
sued Norwich Union for libel as a re- 
sult of e-mail messages circulated on 
Norwich Union's internal e-mail sys- 



tem. 

"Norwich Union paid our client 
£450,000 ($700,000) in damages and 
costs; that case is a salutary lesson for 
any employer whose staff have access 
to an internal e-mail system and, even 
more so, to the Internet," he said. 

And the study showed that those re- 
sponsible for purchasing and setting cor- 
porate insurance policies (typically fi- 
nance directors) were unaware of the 
need to insure against corporate risks 
associated with e-business. 

Integralis, Theodore Goddard and 
Nelson Hurst have launched a range of 
complimentary services to address the 
IT legal and insurance issues relating to 
corporate liability through e-business. 

For more information see the Web 
site at http://www.cyberliability.com and 
there is a hotline on +44-(0)l 18-930- 
6060. 

Security consulting 

Computer security firm Network 
Associates demonstrated that it's begin- 
ning to rationalise its multiple acquisi- 
tions of Internet and network manage- 
ment firms. 

The company announced a new pro- 
fessional services organisation largely 
made up of consultants acquired with 
firewall company Trusted Information 
Systems in March 1997, Network Gen- 
eral last October, and network scanning 
firm Secure Networks this May. 

The company also will offer custom 
consulting on network security, includ- 
ing full-scale outsourcing and penetra- 
tion testing. 

The news follows announcements of 
enhancements to Network Associates' 
firewall software offerings. 

The company, which began as an an- 
tivirus software vendor called McAfee 
Associates, has launched WebShield for 
Firewalls, which builds network antivi- 
rus protection into firewalls to keep vi- 
ruses from entering corporate networks 
via the Internet. 

WebShield for Firewalls is the first 
product to result from TIS acquisition, 
and it uses the content vectoring proto- 
col to scan for viruses at the firewall. 
The product also works with firewalls 
from other vendors that support CVP. 
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Dutch child porn scanda 



The discovery and investigation of a global child pom ring has reso- 
nated through police forces and politicians alike. Paul Johnson looks at 
events surrounding the case and the implications for the future, 

investigation... (which) did show Ulrich 
had pornographic images in his posses- 
sion, but nothing indicated that child 
pornography was in play" 

Consequently no crime was uncov- 
ered, as possession of pornography is 
not punishable under Dutch law, police 
said. 

The Dutch newspaper Algemeen 
Dagblad blamed management costs and 
personal egos for bogging down police 
procedures, saying money and manpower 
for an investigation was made available 
only after the affair hit the international 
headlines. 

And the NRC Handelsblad paper said: 
"That unspeakable practices can occur 
in the Netherlands means that the Neth- 
erlands has a serious problem. The 
Zandvoort case proves that the Nether- 
lands is a major production and distri- 
bution centre for child porn, as has been 
repeatedly claimed by US and German 
authorities - a claim that has always been 



The Dutch police have launched an 
investigation into a suspected interna- 
tional child abuse ring after thousands 
of pornographic computer and video 
linages were found. 

Detectives have been sorting through 
thousands of pom computer images in 
the search for evidence that toddlers and 
young infants were among those alleg- 
edly exploited over the Internet. 

However, Dutch police themselves 
stand accused of initially bungling the 
ivestigation into the paedophile ring, 
which is accused of abusing children, 
some as young as two, and selling the 
pictures on the Net. 

The case was set in motion with the 
murder in Italy of convicted German 
paedophile Gerrie Ulrich, 49, who had 
been living in the Dutch seaside town of 
Zandvoort. 

Ulrich ran a computer shop in 
Haarlem near Amsterdam and is thought 
to have been a central figure in an inter- 
national network, using his shop as a 
cover for the distribution of child por- 
nography. It is thought that his murder, 
in Pisa in June, was at the hands of an- 
other suspected paedophile. 

And it was reported that the dead 
man's family, who wanted to disassoci- 
ate themselves from Ulrich, first went 
to the police with evidence of the pae- 
dophile's activities. 

But it is claimed that police indif- 
ference led them to take the potentially 
-racial evidence, including disks and 
DD-ROMs containing pornographic 
ales, to the Belgian anti-porn group 
Morkhoven, which in turn released parts 
3 the Dutch current affairs programme 
i fova. 

More seriously, police are accused 
of failing to discover the dead man's ex- 
ensive links with the shadowy world of 
hild pornography after receiving sev- 
eral tip-offs about his alleged activities 
a year ago. 

Dutch police said they had first been 
ripped about U Inch's suspected involve- 
lent in child pornography in early 1997. 

"The tips that came in were hearsay," 
police said. "The police did mount an 



denied here." 

The Morkhoven group finally handed 
over dossiers believed to contain names 
and addresses of those involved in the 
child pornography ring to Belgian au- 
thorities which passed them on to Dutch 
justice officials. 

In a response to the mounting criti- 
cism, a police statement said they had 
to wait until the end of June to examine 
the computer material because there was 
no legal basis to do so earlier. 

The statement also said police had 
launched an investigation last year into 
the man's alleged links with paedophiles 
based on "hearsay" tips, which revealed 
he possessed pornography, but not child 
pornography. 

A Justice Ministry spokesman said 
the problem of Internet pornography was 
not as easily handled as child abuse, add- 
ing that the problem required an overall 
EU response. 

"Child abuse has a very high priority 
in the Netherlands and then there's the 
relatively new problem of Internet im- 
ages," the spokesman said. 

"An added problem is that of the 
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power of jurisdiction. This Internet 
crime has to be tackled on an interna- 
tional level," he said. 

Now the Dutch Justice Ministry, 
stung by criticism over its handling of 
child pornography on the Internet, is to 
increase the number of investigators 
working on it and boost co-operation be- 
tween Dutch authorities. 

"More detailed agreements have 
been made on how to handle reports of 
child porn on the Net... the Central Re- 
search and Information service will put 
more people on the matter," Wijnand 
Stevens, ministry spokesman said. 

In a statement, the Justice Ministry 
said: "The minister wants to take away 
the impression that police and justice in 
all areas give insufficient priority to the 
fighting of sexual offences against mi- 
nors." 

In a letter to parliament the same day, 
Justice Minister Benk Korthals said 
those investigating cyberspace child 
pornography faced new technical com- 
plexities. But police and justice officials 
were catching up on the knowledge back- 



log. 

He also said the need to fit interna- 
tional co-operation with national poli- 
cies, also complicated the battle. 

"There's a legal problem. Legislation 
has been established along the lines of 
territorially organised states in the past 
centuries. The creation of the necessary 
international law is still in a tender 
stage," Korthals said. 

Enhanced international exchange of 
information between investigation bod- 
ies should be improved, he added. 

The Netherlands, Germany and Swe- 
den recently started a pilot project to 
exchange digital information on Inter- 
net child porn, intended to help create a 
European Union network of databanks. 

Dutch officials said the search for 
and prosecution of commercial produc- 
tion and distribution of child porn on the 
Net would remain a priority, and that 
methods to battle against the abuse had 
been refined. 

The Central Research and Informa- 
tion service will refer cases that fall un- 
der Dutch law to a special office of the 



public prosecutor, which will co-ordi 
nate national investigations. Up to nov 
the public prosecutor's office has bee 
entrusted with five cases, Stevens said 

Catalogue of horrors 

Morkhoven chairman Jan Boeyken 
said the group held thousands ofhorrifi 
photos. 

Morkhoven says it has uncovered 
mountain of videotapes, CD-ROMs an 
encrypted computer diskettes showin 
children as young as 18 months bein 
sexually abused by adults. 

The group also said it had hundrec 
of names and addresses in various com 
tries of suspected users and manufac 
turers of child pornography. 

Among the films is one titled "O 
Daddy," in which balding, middle-age 
men have intercourse with five-year-ol 
and eight-year-old girls, one of whoi 
appears to have been so heavily drugge 
that some experts fear she may ha\ 
been dead. 

Bank statements recovered b 



Shadowy vigilante group wage war on child porn 



Jan Boeykens leads a group 
called Morkhoven that is waging its 
own private war against child porn. 

These vigilantes, founded in 
1988, are determined to put an end 
to a business that has spread to the 
Internet, and their actions - includ- 
ing a fight with police about hand- 
ing over evidence - have earned 
them si mixed reputation. 

Boeykens, a human rights cam- 
paigner who long has fought child 
abuse and police brutality, says he 
has no faith in Belgian authorities. 
He doesn't have much confidence in 
Dutch police either. And like many 
vigilante groups, his has had occa- 
sional brushes with the law. 

On July 20, Belgian police ar- 
rested Morkhoven member Marcel 
Vervloesem for refusal to hand over 
diskettes and files on the child-sex 
ring. He eventually complied and 
was released. 

"I think some people in the jus- 



tice system are involved," said 
Boeykens, explaining why 
Morkhoven was reluctant to relin- 
quish the material. "Some policemen 
are involved. They are not angels. And 
I think some political people are in- 
volved." 

Belgian officialdom is suspicious 
of Morkhoven. An investigation of the 
group is under way, but it is not know 
whether charges have been filed. 

Morkhoven is a close-knit group 
of 20 to 25 people, most of them part- 
time volunteers from Belgium, the 
Netherlands and Germany with the 
shared goal of exposing mistreatment 
of children* 

They began fighting the use of iso- 
lation cells for children in a psychi- 
atric clinic and eventually to other 
issues involving young people. 

"From the beginning we've had a 
lot of problems with the authorities," 
said Boeykens. "When we started 
with actions against the isolation 



cells, it was a taboo. They denied 
these problems existed. It's the same 
now with the pornographic net- 
work. They are criminalizing us. 

"We are not connected to a po- 
litical party, we are not subsidised. 
We are completely free." 

One sympathiser is Austrian 
Foreign Minister Wolfgang 
Schuessel, president of the Euro- 
pean Union Council of Ministers, 
who thanked Vervloesem for his 
"courageous and exemplary action" 
in helping to expose the pornogra- 
phy ring in the Netherlands. 

The publicity generated from the 
Netherlands case has shed light on 
the previously little known organi- 
sation, increasing its support and 
funding. But there are no plans tc 
increase its size. "It's best to work 
small," says Boeykens. "We have 
been infiltrated in the past. And ] 
think our telephone conversations 
are monitored." 
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Morkhoven and shown on Dutch televi- 
sion's NOVA programme indicate 
Ulrich marketed a bulletin board called 
Apollo. 

For a fee deposited to his account, 
subscribers could dial direct into the 
Apollo site and view more than 30,000 
images of sexual abuse of minors. 

Morkhoven says it has evidence link- 
ing the computer pom network to a sin- 
ster child smuggling racket that 
stretches from Russia to the United 
States, Portugal, France and Belgium. 

A spokesman for the group said: "The 
size is so enormous - the police will 
need several weeks to plough through it. 

"There are people from England in- 
volved who founded (pornography) busi- 
nesses in the Netherlands which are ac- 
tive in the Czech Republic and in Ber- 
lin." 

The group said it gathered its evi- 
dence during its search for a Berlin boy 
who disappeared in 1993 aged 12, then 
resurfaced in the child pornography 

world of Amsterdam. 

Dutch police said they had met with 
the boy's father and that they would look 
at his disappearance as part of the inves- 
tigation. 

Some of the child-pornography pic- 



tures similar to those retrieved at the 
Zandvoort flat are reportedly still avail- 
able on the Internet. 

A spokesman for the Dutch Public 
Prosecution's anti-pornography work 
group said he understood the pictures 
were on a US Internet site, and so be- 
yond the reach of Dutch law. 

"If the pictures were on a Dutch site, 
we could put it out of action. Our nor- 
mal powers would apply and we could 
conduct a house search and confiscate 
material," Jurriaan Simonis said. 

"If the pictures are in America... all 
the police can do is tip off their US col- 
leagues." 

Authorities say little if any of the 
material seized in Zandvoort was actu- 
ally produced in the Netherlands; they 
think much of it came from central and 
eastern Europe and originally was posted 
on the World Wide Web in the US. 

Though possession of child pornog- 
raphy carries a maximum sentence of six 
years' imprisonment in the Netherlands, 
traffickers are difficult to catch. Paedo- 
philes who once posted illicit images 
openly on Web home pages now shelter 
in Internet chat rooms, hiding behind 
fake names and bogus e-mail addresses. 




Call for EU action 

Austrian foreign minister 
Wolfgang Schuessel has rebuked 
some of his European Union part- 
ners for their "lukewarm" re- 
sponse to calls to increase action 
against crimes against children. 

Schuessel, whose country holds 
the rotating EU presidency, told 
the European Parliament's foreign 
affairs committee that he hoped 
the discovery in the Netherlands of 
the alleged child pornography ring 
would jolt them into action. 

"To be honest...it was a pretty 
lukewarm reception," Schuessel 
said of EU foreign ministers' re- 
action to his announcement that 
the fight against such crimes 
would be a central plank of Aus- 
tria's six-month presidency. 

He said he hoped EU member 
states would take advantage of 
events in the Netherlands to broach 
"this awful problem." 

The affair has prompted calls 
for tightened control of the Inter- 
net, but the 15-nation EU is at odds 
as to how to do it. 

Tom Spencer, chairman of the 
European Parliament committee, 
told Schuessel that, while the As- 
sembly would look at ways to com- 
bat use of the Internet for such 
ends, previous attempts had come 
up against legal obstacles. 

Maurice Wessling, a spokes- 
man for Internet provider Xs4all, 
said his company filtered out In- 
formation intended for child por- 
nography sites. 

Removing the sites altogether 
could lead to the migration of porn 
elsewhere. 

But the industry's approach to 
tackling unwanted material on the 
Internet is piecemeal, as is the ap- 
proach of national governments. 

"In the Netherlands it's a crime 
to say the Holocaust did not hap- 
pen. In the US it falls under free- 
dom of speech and is okay. But 
something posted in the US is vis- 
ible to someone in the Nether- 
Sands," Wessling said. 
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Forensic lessons - case stu 



In last month's Journal, we reported how workers at a UK Ministry 
ofDefence agency had downloaded thousands of illegal pornographic 
pictures. A subsequent trial threw up a variety of problems and is- 
sues surrounding the case. This month forensic analyst Jim Bates, 
who acted as an expert defence witness in the proceedings, looks at 
what happened and what lessons need to be learnt. 



The Roper case, Involving large num- 
bers of pornographic images on a net- 
work based at the Defence Research 
Evaluation Agencyin Malvern, Worces- 
tershire, was the largest - in terms of 
quantity - that I have been involved in and 
possibly the largest that has yet been 
seen within the U.K. 

When investigating such cases, there 
may occasionally be areas where a pro- 
fessional opinion is required concern- 
ing the interpretation of the evidential 
material. However, the main work of an 
expert is simply to quantify, analyse and 
report upon the facts. 

In this case, as with most cases, the 
facts were not in dispute. The computer 
used by the defendant Paul Roper at his 
workplace did contain quantities of por- 
nographic image files. 

Some of them undoubtedly involved 



children and some of them had been de- 
leted. However, these facts had to be 
seen and interpreted within the greater 
framework of the circumstances sur- 
rounding the use of the machine. 

At the beginning of my investigation, 
from the various statements the story 
emerged as follows: 

In the early hours of a Monday morn- 
ing, a security guard on night duty was 
on his normal patrol through buildings 
within the Malvern site. His route to exit 
one of the buildings was through the 
open-plan computer room and out via the 
fire escape. 

As he crossed the computer room he 
noticed, "a particularly eye-catching 
screen saver", on one of the computer 
screens. He sat down at the computer 
and moved the mouse, thus clearing the 
screen saver. 




Among the various desktop pre 
grams then displayed he noticed, "a 
unusual icon on the screen which caugl 
my eye". Clicking this icon produced 
picture of, "two very young girls in 
state of undress lying on a bed ...". 

A number of other icons were als 
displayed and clicking these reveale 
various other images of a similar int 
mate and even pornographic nature. No 
ing that the files were stored under 
heading called "STUFF", the guard r< 
turned the screen to its original state ar 
left the building. 

On returning to his office the guai 
informed his immediate supervisor ar 
was advised to report the matter to tl 
senior security manager on his (tt 
guard's) next tour of duty. 

It happened that the guard was not c 
duty again until the following Friday ar 
at that time he duly reported the matt< 
to the senior security manager. TI 
guard was then asked to return to du 
and report back to the manager at 18:( 
hrs that afternoon. 

During the day that manager reports 
the incident to various other manage 
ment personnel and a meeting was coi 
vened at around 18:00 hrs. 

At around 18:15 hrs, the group < 
managers with the guard, went to tl 
computer room and told the supervisi 
why they were there. The supervise 
asked all the staff still present to fini< 
their work and leave the building. 

The statements describing the ne 
sequence of events varied in a numb 
of small details since it appeared that r 
one had thought to make accurate note 

Once the room had been cleared, tl 
managers asked the guard to show the 
what he had done the previous Monda 
The guard accordingly went to the rc 
evant computer (which was switch^ 
off), sat down, switched it on and beg< 
trying to find the pictures he had seer 

After some searching he managed 
find some pictures of young girls b 
none of the child pornography he hi 
seen earlier. Other members of tl 
group then began examining other cor 
puters, looking for any pornograph 
material. 

After a period of time, some adi 
pornographic movie clip files were 1 
cated on one machine but seemed to 1 
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on a network drive and there was some 
confusion concerning the physical lo- 
cation of this drive. 

More searching and the drive was 
eventually located in yet another com- 
puter. One of the managers then at- 
tempted to copy some of the files to 
floppy disks "for evidence", but found 
that they had "disappeared". 

It later transpired that at least one of 
■ he people cleared from the room had 
gone home, logged on to the network 
from his home machine and had then 
deleted some files from some of the 
network drives. 

Another manager, attempting to view 
a number of images on a computer found 
that the files were being deleted virtu- 
ally as he watched, "from an external 
source". Some files were eventually 
copied to floppy disks and at around 
22:00 hrs the system was shut down and 
Roper's computer and a quantity of re- 
movable hard disks were taken to secure 
storage within the site guardroom. 

The following Monday morning, the 
computer and hard disks were taken to 
the Ministry of Defence Police where 
they were connected up and switched on. 
Some images were examined and dis- 
cussions were held. 

Eventually the machines were 
switched off and prepared for transport 
to the MoD forensic division. They were 
eventually booked into the Computer 
Examination Store the following day 
(Tuesday) and were subsequently exam- 
ined and reported upon by the forensic 
investigation team. 

The report that the team eventually 
produced was a model of detail and ac- 
curacy, and correctly concluded that 
large quantities of pornographic mate- 
rial had been downloaded to the various 
hard disks from the Internet. 

In the meantime, a series of internal 
inquiries had begun which culminated in 
several people (including Roper) being 
suspended on fall pay while investiga- 
tions continued. 

The case took something over a year 
to come to court, by which time all but 
two of the suspended personnel had 
found other jobs (some still at the Mal- 
vern site). 

Charges of possession were eventu- 
ally preferred against Paul Roper and I 



was instructed to examine the evidence 
on behalf of the defence. With some 
small but interesting differences, what I 
found agreed broadly with the case as I 
have stated it so far. 

The main difference concerned 
traces of activity noted on Roper's ma- 
chine in the early hours of the Monday 
morning when the guard noticed the 
"eye-catching screen saver". 

I should note in passing that the ac- 
curacy of the computer clock had been 
verified by the MoD forensic team. The 
sequence of events as it appeared from 
the dates and time of files was that some- 
one accessed a game called MechWars 
at around 03:12 hrs, at around 04:12 hrs 
access was made to a program called 
SUCKER and at 04:18 hrs an attempt 
(probably abortive) was made to run a 
movie display program. 

Various periods of activity through- 
out the week were noted until the time 
(around 18:00 hrs) on Friday afternoon 
when the room was cleared. 

On just one of the drives, a total of 
37 files were found to have been altered, 
created or deleted during this period, 



totalling somewhere around 3Mb. Fur- 
ther activity on the following Monday 
compromised, contaminated or de- 
stroyed a further 2Mb. 

More detailed analysis indicated that 
quantities of image files had been 
downloaded over a period of time - spe- 
cifically at times when Paul Roper had 
been at different locations around the 
country. 

A complicating factor was the net- 
work configuration. It seemed that vir- 
tually any machine on the network had 
read/write privileges to virtually any 
other drive on the network and my re- 
port noted: "A detailed analysis of the 
position of the computer on the network 
is impossible without detailed informa- 
tion on how the server was configured 
and precisely what access was available 
between participating workstations." 

It is possible for example, to con- 
nect to the Internet from a networked 
machine and specify a network drive 
(rather than a local one) to receive 
downloaded material. Obviously a net- 
worked drive exists on another compu- 
ter and will thus gain files without any 
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activity on the part of its operator and 
probably without the operator even be- 
ing aware of it". 

It also became apparent that not only 
was there no access security on most of 
the computers in the computer room, it 
was also common practice for anyone 
to sit at any machine and use it. 

Roper's machine was popular be- 
cause it was generally known that it con- 
tained a number of games programs and 
was situated conveniently close to a ter- 
minal connected to a different network. 

This put a whole new complexion on 
the case and introduced new levels of 
complexity which needed to be taken 
into account when considering the prov- 
enance of files. 

The picture was complicated even 
further when I then discovered that most 
of the image files had been downloaded 
not from the Internet proper but from 
the newsgroups area of an internal server 
named TROG. 

This server, maintained and housed 
at Malvern, mirrored most of the 
newsgroup services (apparently without 
filtering) including those specifically 
concerned with various types of pornog- 
raphy. 

Thus it was possible for a user on the 
Malvern network to switch on a machine, 
be connected to the network without any 
password requirement and then access 
the newsgroups directly. 

The Internet Protocol (IP) address 
normally used in conjunction with a pass- 
word to control and monitor access to 
the Internet (including newsgroups) was 
available without password control on 
TROG. 

This meant that a reasonably experi- 
enced user who wished to conceal his 
machine's access to TROG could sim- 
ply ping a known IP address and if the 
return showed that the number was not 
in use he could then configure his ma- 
chine to that number and gain immedi- 
ate, untraceable access. 

Within the computer department, IP 
addresses were issued in quantity to vari- 
ous personnel as part of their function 
in the installation and maintenance of the 
network around the country. 

Any attempt to trace who had 
downloaded what to where and when was 
thus doomed to failure. For example: 



user 6 X' could sit at a machine, switch 
on and be connected to the network. He 
could then ping known IP addresses un- 
til he found one that wasn't in use and 
then use that one to connect to TROG. 

The SUCKER program was then 
available (perhaps on a different ma- 
chine) to search messages in specified 
areas of the newsgroups and would au- 
tomatically extract and download to a 
previously specified drive/directory, any 
embedded JPG or GIF image files that 
it found within the messages. 

The activity log from TROG indi- 
cated massive use of this program in 
wide-ranging areas of pornography both 
in and out of normal working hours. Ver- 
bal reports suggested that a common 
practice was to start one's machine in 
the morning when work commenced, 
connect to TROG and start SUCKER, 
and then leave it running as a background 
task while continuing normal work in the 
foreground. 

It appeared that personnel were regu- 
larly running out of disk space! Other 
papers in the case indicated that at least 
some of the management had been 
aware of this growing problem some 



months before but nothing had bee 
done. 

In the light of this scenario it seem 
obvious that there was no way in whic 
any particular individual could be hel 
responsible for possessing child poi 
nography. 

However, charges were brought an 
the case was proceeded with. After a fiv 
day trial at Droitwich Magistrates Cour 
Paul Roper was duly acquitted. 

It is interesting to speculate upo 
what would have happened ifhe had bee 
found guilty. Since the images had bee 
downloaded from an internal server (lc 
cated in fact, in the same room as hi 
computer), if he was guilty of posses 
sion then surely so was the owner c 
TROG, the newsgroup server - Her Ma 
esty's Ministry of Defence! 

Other points of interest which aros 
during my analysis of the material cor 
cerned the excellent report prepared b 
the MoD Computer Investigation Uni 
No observations had been made cor 
cerning possible contamination of th 
material, and no comment was mad 
about the origin of image files other tha 
that they were downloaded from the Ir 
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emet. I spoke to the senior investiga- 
or and she pointed out that her remit 
vas simply that the officers in the case 
vere "looking for pom". She had booked 
he hardware in on a Tuesday and the in- 
Iicated seizure date (no time) was given 
the previous day. Although she was 
•■ware that the computer was a networked 
nachine, she was given no information 
.bout the network configuration. So her 
conclusions and comments were not in- 
correct but they were incomplete when 
considered in the wider scheme of 
kings. In feet it must be said that she 
md her team appeared to be the only 
>nes in this whole sorry saga who had 
lone a proper job. 

Looking on the positive side, there 
ire a number of hard-won lessons and 
/ital questions which can be learned 
Tom this case. Firstly, when a network 
s conceived and configured, considera- 
ion must be given to possible illegal or 
macceptable activity once the network 
s operating. A number of questions 
leed to be answered at this time - among 
hem (not necessarily in order or prior- 
ty) are: 

• Is there room within the configu- 
ration for some form of monitoring 
//hich may detect and report any illegal 

ictivity? 

• Is the configuration such that an in- 
ividual can be held responsible for the 
ontents or activity of a specific ma- 
rine? 

• Can personnel introduce unknown 
software? Suckers, defraggers, file 
•hredders, unmonitored passwords and 
•imilar devices, may confuse or destroy 
■ forensic analysis and make reconstruc- 
:^on difficult if not impossible. 

o Have clearly laid out backup pro- 
cedures been set up and is there a sys- 
for regular testing and monitoring 
jf backups? 

• Are personnel properly informed 
c bout their rights and responsibilities 

3ncerning computer based material? 

• Will it be possible to uniquely iden- 
ify machines responsible for illegal 
ictivity? 

• In the Roper case, the illegal ac- 
ivity was passive in that there was no 
ittempt to corrupt machine operation. 
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This is not always the case and it is vital 
that network architects put in place an 
effective system of disaster recovery 
procedures in the event of an active, de- 
structive attack on their systems. 

• Are all relevant personnel kept up 
to date with current security proce- 
dures? 

Should illegal or unacceptable activ- 
ity be detected, a course of action will 
need to be determined and adhered to. 

• Before starting any investigation 
of computers, consider where the worst- 
case scenario might lead. If it is to crimi- 
nal action then secure forensic proce- 
dures must be implemented right from 
the start by isolating and securing the 
data before examination and accurately 
noting the time and circumstances sur- 
rounding it. Even possible civil or dis- 
ciplinary proceedings would certainly 
benefit from this approach to avoid 
needless suspicion or actions for unfair 
dismissal. 

• Once there is any suggestion of il- 
legal activity, act swiftly. Computer evi- 
dence can be extremely volatile and 
what was there today may have melted 



away by morning. 

• Once any in-situ investigation be- 
gins it is vital that accurate notes are 
taken about who does what and when. 
Copies of these should be passed to the 
forensic investigator(s). 

• Accurate dates and times of equip- 
ment seizure are vital to the forensic 
investigator who needs to consider the 
possibility of contamination or compro- 
mise on the material under examination. 
Similarly, accurate peripheral informa- 
tion concerning use and access (particu- 
larly on networks) is essential if a. cor- 
rect picture of events is to be expected. 

One final point, not directly arising 
from the Roper case, is too often ig- 
nored. Consider these questions: 

• No matter how technically adept 
your investigators (at all levels) may be, 
are they aware of the laws of evidence? 

• Having brilliantly recovered and 
analysed gigabytes of data, can they then 
produce firm and valid conclusions and 
observations? More important still, can 
they present their evidence in a simple, 
clear and concise report - and are they 
prepared to face cross-examination in 
court? 
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Anti spamming law 



A recently introduced law in 
Washington State in the US has 
meant people receiving unsolic- 
ited commercial e-mail are auto- 
matically entitled to compensa- 
tion payments. The legislation has 
already had one result and more 
cases are on the horizon. 

The law, which went into effect June 
on 11, makes it illegal to falsify infor- 
mation about the sender, to use false or 
misleading information in the subject 
line, and to use a third party's e-mail ad- 
dress without that party's permission. 

The law, however, only covers e-mail 
originating from a computer located in 
Washington or sent to a Washington e- 
mail address, and will not protect e-mail 
users in other states, unless the message 
was sent from a Washington computer. 

Those breaking the law can be re- 
quired to pay $500 to individual e-mail 
recipients and $1,000 to Internet serv- 
ice providers for each proved violation. 

Under the legislation, would-be junk 
e-mail senders are required to find out 
which of their intended recipients live 
in Washington. 

Bruce Miller, a contributing writer 
to computer publications, is $200 richer 
after threatening legal action against 
Stan Smith, of Salem, Oregon, who so- 
licited buyers for his Tahitian Noni Juice 
through spam. 

Seattle resident Miller, who an- 
swered Smith's number listed in the un- 
solicited e-mail, said that after he re- 
ceived a package of information for or- 
dering the Noni Juice, wrote back to 
Smith and threatened legal action under 
the new anti-spam law. 

"I'm sure people will be very happy 
to see somebody claim a victory for the 
Net," Miller said. 

Miller added: "Basically, I have be- 
gun to use the law to the extent that I 
can. When I can track down a spammer, 
I send a demand-for-damages letter of- 
fering to settle out of court for $200, 
an amount less than the $500 which I am 
entitled to claim as statutory damages 
under the law. 

"Since the law has gone into effect , 
I have sent out 30 such demands." 

Coming just days after this first case, 
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another firm is under the spotlight for 
alleged spamming. 

WorldTouch Network in the US, the 
marketers of Bulls Eye Gold spamming 
software, are being sued under the Wash- 
ington State law by Adam Engst, his 
wife, and two co-workers. 

All four plaintiffs work for Tidbits, 
an electronic newsletter about Macin- 
tosh computers, and are Washington 
State residents. 

The lawsuit was filed against 
WorldTouch Network Inc. and the com- 
pany's California-based owner, 
Christopher Lee Knight, by Seattle- 
based attorney Brady Johnson. 

The action alleges that the company 
sells a program called Bull's Eye Gold, 
designed to collect e-mail addresses and 
generate unsolicited sales-related e- 
mail. 

According to Johnson, WorldTouch 
Network's marketing ploys fall under the 
letter of the law. 

"WorldTouch Network advertises 
Bull's Eye Gold by repeatedly sending 
unsolicited e-mail advertisements that 
extol the program's virtues," he said. 
"They use spam to promote spam." 

In their suit, Tidbits owner Adam 
Engst alleged that WorldTouch uses ran- 
domly generated bogus return addresses 
that claim to originate from large Inter- 
net service providers, when in reality the 
spam is routed through servers in Eu- 
rope. In most cases, Engst said, the spam 
contains no actual subject line in the 
message header, but includes one in the 
message body where e-mail programs 
don't recognise it. 

Under the suit, Johnson is seeking 
an injunction or court order to force 
Knight to stop spamming Washington 
State residents. In addition, he is seek- 
ing statutory damages of $500 per vio- 
lation for each individual plaintiff and 
$1,000 per violation for Engst, who is 
represented as an Internet service pro- 
vider. Total damages so far are more than 
$67,000. 

"We will continue to seek damages 
for each new violation while the suit is 
pending," Johnson said. 

"We want to shut down WorldTouch 
and prove that Washington's anti-spam 
law has teeth," Engst said. 

Spam, said Engst, is on the increase, 



based on his own counts. From April 1, 
1998 Engst said he has received about 
1,100 spam messages. 

In contrast, the number of spam mes- 
sages he has received during the previ- 
ous 12 months numbered only 2,300. 
Tidbits' lawsuit site is at http:// 
www.tidbits .com/anti-spam . 

Washington State Attorney General 
Christine Gregoire said the new law 
would act as a major deterrant but would 
not entirely stop junk e-mail. 

"This is not a perfect law, but it will 
start a process for changing the behav- 
iour of those who use the Internet to 
market their products and services," 
Gregoire said. 

Nevada is the only other state that has 
a similar anti-spam law and consumers 
there who receive spam can ask to be 
removed from the senders' mailing lists. 
If the senders do not act, they could face 
similar financial penalties. 

The US federal government is look- 
ing at national anti-spam legislation, 
Earlier this year, Senators Frank 
Murkowski (R-Alaska) and Roberl 
Torricelli (D-N.J.) included a spam pro- 
vision in S. 1618, the Telephone Anti- 
Slamming Act, which passed the Senate 
last May on a 99-0 vote. 

But many Internet service providers 
are opposed to the proposed law. 

"This bill is hardly a way to reduce 
his constituents' burden because it ena- 
bles all junk mailers 'one free bite' a 
virtually no cost to themselves, but po 
tentially huge costs to those who beai 
the brunt of receiving junk mail," Rache 
Luxemburg, owner of America Commu- 
nications in New York, and a member o 
the Internet Service Providers' Consor- 
tium association ISP/C, said. 

Luxemburg said the group support! 
Rep. Christopher Smith's (R- N.J.; 
Netizens Protection Act of 1997, H.R 
1748, which places the burden of the de 
livery cost of e-mail advertising on th< 
advertiser, by ensuring that consumer! 
will only get advertising which they ac 
tually want and agree to receive. 

The spam ban would include all un 
solicited commercial e-mail, includin] 
get-rich-quick schemes, electronic dat 
ing services, offers of unproved medi 
cal remedies and any other financial o 
sales offer. 
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Shadow group 



Hackers have help breaking 
into government networks. They 
share their resources and tech- 
niques on special mail lists and 
encrypted chat areas 8 

US Government security administra- 
tors are taking a similar team approach 
to combat the intruders. 

A small group of government net- 
work security experts has been using the 
method with industry counterparts. The 
exchanges have helped them form a con- 
sensus, though not full agreement, on 
what to do when an intruder penetrates a 
private network via the Internet. 

The Shadow group includes repre- 
sentatives from several US Defence De- 
partment sites, the Geological Survey 
and Energy's Los Alamos National 
Laboratory. Corporate representatives 
range from General Dynamics Corp. to 
Disney Online. 

Two big efforts have grown out of 
these chats. The first is a book: Compu- 
ter Security Incident Handling Step by 
Step. Published by the Sans Institute of 
Bethesda., at http : //www. sans . org, the 
$27 book discusses how to deal with in- 
trusions, denial of service attacks, 
cybertheft and other security events. 

The book's incident handling report 
lists six stages of response: preparation, 
detection, containment, eradication, re- 
covery and follow-up. By far the largest 
section discusses preparation. It 
stresses yet again the need to be 
proactive and protect networks before 
an attack occurs. 

The Shadow group found that a good 
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place to start is by justifying the need 
for investment in a security infrastruc- 
ture. It also found that many sites don't 
have a solid security policy or even a 
philosophy in place, which slows and 
complicates things when an incident oc- 
curs. 

"You have to choose which philoso- 
phy you will follow and get management 
approval," Northcutt said, before formu- 
lating a response plan. 

And the group learned that everyone 
needs security training. 

The group decided that what works 
for large organisations doesn't always 
suit small ones. 

Large groups have dedicated staffs 
to handle incidents. Small ones gener- 
ally press a staff member into an expert 
role on short notice. 

An inadequately trained network ad- 
ministrator, for example, might begin 
using a privileged account the admin had 
never used before. That would tell in- 



truders they had been detected, so they 
would start destroying evidence and 
cause other damage. 

The Shadow group's discussions 
quickly revealed the flavour of the 
month in hacker attacks. Members 
agreed on ways to deal with malicious 
code attacks (use virus checkers, and 
scan for inexplicable packets sent auto- 
matically from your network out to the 
Internet). 

They also agreed on probes and net- 
work mapping (run your own probes to 
see what can be learned from Simple 
Network Management Protocol com- 
mands and pings). And they talked about 
denial of service attacks (establish an 
emergency backup facility), organised 
espionage (track traffic, point to false 
documents to throw intruders off), 
hoaxes (keep employees informed, 
check the hoax page at http:// 
ciac.llnl.gov, and unauthorised access 
(restrict IP addresses allowed to con- 
nect). 

Surprisingly, Northcutt said he's not 
too concerned about script-driven at- 
tacks that pound away at sites. 

"The information-gathering probes 



Tool to monitor network attacks 



Been hacked? Only the Shadow 
tool may know for sure. 

This is the latest weapon in the 
ongoing war against hackers and 
the first result of the new co-opera- 
tive effort between government and 
private industries to thwart com- 
puter break-ins and security 
breeches. 

"The key problem is that hack- 
ers win because they co-operate and 
security people don't," said the 
SANS Institute, an educational 
group for systems administrators 
and network security specialists. 
"It is time to begin the hard work 
of co-operating in search of solu- 
tions." 

The Shadow detection device is 
already in use monitoring more 
than 40 known attack profiles in in- 
coming network traffic for more 
than 14,000 hosts. According to the 
SANS Institute, analysts using the 



tool have also found three new types 
of attacks. 

Features of the Shadow include 
the following: 

• Uses traffic analysis rather 
than content analysis to assure pri- 
vacy for users. 

• Monitors all ports for all 
protocols instead of just a few* 

• Combines signature moni- 
toring with statistical assessment 
which detects events that filters are 
unable to decode. 

• Requires computing power 
that costs less than $10,000, includ- 
ing the large capacity disks needed 
to store massive amounts of data. 

Details about the Shadow in- 
cluding how to download and in- 
stall it are available by emailing the 
institute at info@sans.org with the 
subject Shadow Description. 
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give me the greatest concern," he said. 
"In several cases, we have noted very 
accurate targeting attack attempts, which 
indicates someone knows a lot about our 
structure." 

DOD sites turn to their computer in- 
cident response teams for fast help. An 
example appears at http:// 
www.assist.rniL 

The second result to come out of the 
Shadow group is called the Co-opera- 
tive Intrusion Detection Evaluation and 
Response project, or CIDER. Also a 
Sans Institute project, with Navy co-op- 
eration, it aims to help organisations 
build their own network monitoring and 
analysis capability. 

CIDER concentrates on two tech- 
niques. The first is TCPdump, a program 
that monitors and filters TCP activity for 
matches that indicate a problem. The 
second is Network Flight Recorder, a set 
of tools under development to monitor, 
archive and alert authorities. 

CIDER details are available at http:/ 
/www.nswc.navy.mil/ISSEC/CID. When 
you visit, you can download intrusion 
detection shareware. But because huge 
log files are kept, you may need to add 
gigabytes of drive space to make it work. 
The tools come with good user endorse- 
ments, however. 

Finally, bear in mind that not all 
emergency recovery scenarios result 
from hacker attacks. External causes 
also include natural disasters, backhoe 
accidents and faulty equipment. Having 
a response plan and a disaster recovery 
plan is the first step to control loss of 
service. 

For a list of Web security tools, visit 
http : //www. p erl . com/latro . 

To monitor UseNet newsgroups 
dealing with security issues, check out 
comp.sys.www.security or 
comp.infosystems.www.cgi . 

See the Best of Security list at best- 
of-security- request@cyber.com.au and 
Computer Emergency Response Team 
advisories at cert-advisory- 
request@cert.org. You can join both 
sites by e-mail. 

Shawn P. McCarthy is a computer 

journalist, webmaster and Internet 
programmer for Cahners Business 

Information Inc. 



Q I have encountered a PC which I 
am told runs under the LINUX op- 
erating system. As I have no expe- 
rience of the Linux operating sys- 
tem can I identify if this is the op- 
erating system that is used on the 
PC or do I need to call in a spe- 
cialist? 

A I will assume that you are working 
with a copy of the computer hard 
drive. You need to examine the par- 
tition table which is located in the 
first physical sector of the drive (cyl- 
inder 0, side 0, sector 1) at offset 
1BE hexadecimal (446 decimal). 

Each entry in the partition table 
is 16 bytes long and there are up to 
four entries in the table. The fifth 
byte in each entry specifies the type 
of partition, therefore the four par- 
tition type entries will be at offsets 
1C2, 1D2, 1E2 and 1F2 in hexadeci- 
mal (450, 466, 482 and 498 deci- 
mal). 

If the hard drive is partitioned for 
use with LINUX one or more of these 
locations will contain either 81, 82 
or 83 Hex. An unused partition will 
have a type 00. On a normal DOS sys- 
tem the locations detailed earlier 
would usually contain either 00, 01, 
04 or 06. Some other partition types 
are 0B and 0C for Windows95 32bit 
FAT, and 07 for OS/2 HPFS or Win- 
dows NT NTFS. 

This should enable you to find out 
if LINUX is installed on the suspect 
system and from that plan your next 
step. 

Q Following on from the previous 
question if Linux is the operating 
system on the PC can the active 
files on the PC be copied off in or- 
der that I can read them in the nor- 
mal way on my Windows system? 

A The simple answer to this is YES but 
it would require either a knowledge 
of LINUX or specialist software. 
The active files could be copied onto 
a storage device so that you could ex- 
amine them on your PC in the same 
way as you would another DOS drive. 

By using this method you can 
keep the cost of specialist help to a 




minimum and use your knowledge of 
the case when examining the active 
files. 

Q I have a computer which is sus- 
pected stolen. Normally in this 
type of enquiry I simply boot the 
computer with a secure DOS disk 
and search drive C: in an attempt 
to identify the original owner. 

The problem is that when I 
boot this computer with my se- 
cure boot floppy disk there Is o.o 
drive C:. Can you suggesl why this 
is and is there anything that I can 
do without going to the expense 
of calling in an expert? 

A This question follows nicely from 
the first one. It may be that the com- 
puter hard drive is configured to use 
an operating system that is not read- 
able under the version of DOS that 
you are using or there may be some 
type of security system installed. 

If you refer to the answer to 
question one you can use the same 
method to help identify the partition 
type and perhaps the reason for the 
drive not appearing as C:. A solution 
would be to use a physical drive 
search engine such as Computer Fo- 
rensics Ltd's - MYCROFT or use the 
physical drive search in Norton. 

Thanks to Chris Magee, ana- 
lyst at Computer Forensics Ltd, 
for this month's Q&A. 

E-mail questions, comments or 
suggestions, to the Journal at 
ij fc@pavilion.co.uk 
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Notice Board 



We will be pleased to receive contributions to this 
page. Please mark all correspondence 'Notice 
Board'* We reserve the right to edit if required. 



Events 



UK - Association of Chief Po- 
lice Officers, Internet Service 
Providers & Government Forum 

22 September 1998, Edinburgh, 
Scotland 

9 October 1998, London, UK 
27 October 1998, Manchester, UK 

• The ACPO/ISP/Government Forum 
is to hold three one-day seminars to 
identify, discuss and address issues re- 
lating to policing of the Internet. 

These are opportunities for those in 
the Internet Industry and Law Enforce- 
ment to be involved in the partnership 
process that is developing to ensure that 
criminal investigations involving the In- 
ternet are carried out quickly and effi- 
ciently with a minimum impact on the 
business of the industry. 

The Forum is aiming to develop a 
memorandum of understanding between 
the Industry and Law Enforcement agen- 
cies describing what information may be 
provided and under what circumstances. 

Proposals and communiques issued 
by the Council of Europe and the Min- 
isters of the G8 countries, together with 
events such as the recent Information 
Warfare Exercise held in England, have 
demonstrated the importance placed on 
these issues both nationally and inter- 
nationally 

These seminars offer unique oppor- 
tunities for delegates to be involved in 
the discussion process aimed at address- 
ing these issues. 

Details of the seminars are: 

Keynote address by a UK Govern- 
ment Minister. 

The Victim's Cost chaired by Tony 
Neate, ACPO Computer Crime Group 

A panel of four speakers will study a 
recent case involving the Internet and 
Internet Service Providers. This case 
will demonstrate the cost, effect and im- 
plications of this type of crime on those 
concerned with the Internet industry. 

Raids & Regulation chaired by 
Simon Janes, Admiral Management 
Services 
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A panel of four speakers, from the 
legal and judicial profession, examining 
criminal and civil liability as it applies 
to Internet Service Providers. The 
speakers will outline and seek to address 
the issues and concerns that Internet 
Service Providers and Police may have. 

Time to Act chaired by Dr Neil 
Barrett, Bull Information Systems 

An interactive panel of eight experts 
from various aspects of law enforce- 
ment, the legal profession and the Inter- 
net Service Industry discussing the criti- 
cal issues that apply to the practicalities 
of policing the Internet. The speakers 
will be able to offer practical advice and 
guidance on handling incidents of com- 
puter crime. 

Into the Future chaired by Nigel 
Jones, ACPO Computer Crime Group 

A panel of five speakers represent- 
ing the leading authorities who are pro- 
moting various initiatives which address 
security and integrity on the Internet. 
Speakers will give a clear indication of 
the benefits that may be accrued from 
these initiatives. 

Closing Address from Keith 
Akerman - Chair ACPO Computer 
Crime Group. 

The speaker will summarise the 
seminar and offer a view as to the man- 
ner in which the Internet Service Indus- 



try and Law Enforcement may under- 
stand each other and work together in 
partnership to secure their common 
aims. 

Contact: FAS Holdings Pic 
Tel: +44(0)1442 828200 

IT Expo 98 - The 9th Asian 
Information Technology 
Exhibition 

Hong Kong Convention and Exhibi- 
tion Centre, September 16-19, 

This event will also focus on the le- 
gal implications of information technol- 
ogy procurement, outsourcing, Y2K is- 
sues and data protection. 

Solicitors, specialising in IT, digital 
media and telecommunications law, will 
be available to answer questions and 
give advice during the first three days 
of the exhibition. 

The Asia-Pacific Mobile Commu- 
nications Symposium 98 and the Pro- 
fessional Mobile Radio Forum 98 are 
scheduled during the event, and the 
Hong Kong International Computer 
Conference will take place on Septem- 
ber 16 and 17. The exhibition will also 
focus on corporate messaging, network- 
ing systems, Internet access, and multi- 
media provisions. 
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